Add OWASP dependency check #5177

Merged
merged 1 commit into from
Feb 7, 2023

Member

@trask trask commented Feb 3, 2023

No description provided.

@trask trask requested a review from a team February 3, 2023 23:29
@@ -17,6 +17,7 @@ val DEPENDENCY_BOMS = listOf(
"com.google.protobuf:protobuf-bom:3.21.12",
"com.linecorp.armeria:armeria-bom:1.21.0",
"com.squareup.okhttp3:okhttp-bom:4.10.0",
"com.squareup.okio:okio-bom:3.3.0", // applies to transitive dependencies of okhttp
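Review bot: On the `okio-bom:3.3.0` line, the trailing comment says what the pin applies to but not why it exists. The reason given in this thread is a dependency-check complaint about CVE-2022-24329; adding that CVE id to the code comment, for example `// applies to transitive dependencies of okhttp; pinned for CVE-2022-24329`, would let a later reader tell when the pin can be dropped. Since the okio version is now managed separately from `okhttp-bom:4.10.0` two lines above, the pin should be revisited whenever okhttp is upgraded.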
Member Author

I did this to get rid of the complaint about https://nvd.nist.gov/vuln/detail/CVE-2022-24329


codecov bot commented Feb 3, 2023

Codecov Report

Base: 90.99% // Head: 90.99% // Decreases project coverage by -0.01% ⚠️

Coverage data is based on head (6a842ca) compared to base (4bd1869).
Patch has no changes to coverable lines.

Additional details and impacted files
@@             Coverage Diff              @@
##               main    #5177      +/-   ##
============================================
- Coverage     90.99%   90.99%   -0.01%     
- Complexity     4881     4885       +4     
============================================
  Files           545      550       +5     
  Lines         14498    14526      +28     
  Branches       1383     1382       -1     
============================================
+ Hits          13193    13218      +25     
- Misses          910      914       +4     
+ Partials        395      394       -1     
| Impacted Files | Coverage Δ |
|---|---|
| ...ava/io/opentelemetry/sdk/internal/RateLimiter.java | 94.11% <0.00%> (-5.89%) ⬇️ |
| .../java/io/opentelemetry/api/logs/DefaultLogger.java | 100.00% <0.00%> (ø) |
| ...java/io/opentelemetry/api/logs/LoggerProvider.java | 100.00% <0.00%> (ø) |
| ...va/io/opentelemetry/sdk/logs/SdkLoggerBuilder.java | 100.00% <0.00%> (ø) |
| ...a/io/opentelemetry/sdk/logs/SdkLoggerProvider.java | 100.00% <0.00%> (ø) |
| ...io/opentelemetry/sdk/logs/SdkLogRecordBuilder.java | 97.43% <0.00%> (ø) |
| ...emetry/api/events/DefaultEventEmitterProvider.java | 100.00% <0.00%> (ø) |
| .../opentelemetry/api/events/DefaultEventEmitter.java | 100.00% <0.00%> (ø) |
| ...opentelemetry/api/events/EventEmitterProvider.java | 100.00% <0.00%> (ø) |
| ...pentelemetry/sdk/logs/SdkEventEmitterProvider.java | 78.78% <0.00%> (ø) |

... and 5 more


@jkwatson jkwatson merged commit 07e5654 into open-telemetry:main Feb 7, 2023
@trask trask deleted the add-owasp-check branch October 14, 2024 20:54